diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 91d663669..b4945320e 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -40,3 +40,5 @@ Changes since 2.0.3
 18) Removed DNAT ONLY column.
 
 19) Added IPSEC column to /etc/shorewall/masq.
+
+20) No longer enforce source port 500 for ISAKMP.
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 4d00c00ff..3b7c8f63c 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -1472,10 +1472,10 @@ setup_tunnels() # $1 = name of tunnels file
 	    run_iptables -A $outchain -p 51	 -d $1 -j ACCEPT
 	fi
 
-	run_iptables -A $outchain -p udp -d $1 --dport 500 --sport 500 $options
+	run_iptables -A $outchain -p udp -d $1 --dport 500 $options
 
 	if [ $kind = ipsec ]; then
-	    run_iptables -A $inchain  -p udp -s $1 --sport 500 --dport 500 $options
+	    run_iptables -A $inchain  -p udp -s $1 --dport 500 $options
 	else
 	    run_iptables -A $inchain  -p udp -s $1 --dport 500 $options
 	    run_iptables -A $inchain  -p udp -s $1 --dport 4500 $options
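Review bot: With `--sport 500` dropped, the `ipsec` branch of `if [ $kind = ipsec ]` now issues exactly the rule the `else` branch starts with, `run_iptables -A $inchain  -p udp -s $1 --dport 500 $options`, so the conditional only decides whether the port 4500 rule is added. Issuing the port 500 rule once before the test and keeping just the 4500 rule under `if [ $kind != ipsec ]; then` would make that explicit and stop the two tunnel kinds from drifting apart in a later edit. The same duplication appears in the next hunk for `addrule ${z}2${FW} -p udp --dport 500 $options`. setup_tunnels starts before this hunk and the `if` closes after it, so the rest of the branch is not visible here.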
@@ -1483,9 +1483,9 @@ setup_tunnels() # $1 = name of tunnels file
 
 	for z in $(separate_list $3); do
 	    if validate_zone $z; then
-		addrule ${FW}2${z} -p udp --sport 500 --dport 500 $options
+		addrule ${FW}2${z} -p udp --dport 500 $options
 		if [ $kind = ipsec ]; then
-		    addrule ${z}2${FW} -p udp --sport 500 --dport 500 $options
+		    addrule ${z}2${FW} -p udp --dport 500 $options
 		else
 		    addrule ${z}2${FW} -p udp --dport 500 $options
 		    addrule ${z}2${FW} -p udp --dport 4500 $options
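Review bot: The zone rules here carry no address match, unlike the `-s $1` / `-d $1` rules in the previous hunk, so after this change `${z}2${FW}` matches UDP to port 500 from any source port on any host in the zone. That is subject to whatever `$options` holds, which is set outside the hunk. The release notes present this as a deliberate interoperability trade-off, but it is worth recording next to the rule so that a later reader does not take the missing `--sport` for an oversight. A comment above the `addrule` lines would do, for example `# ISAKMP: source port deliberately not matched (peers may not send from 500); only the zone restricts the sender here`. The `for` loop and setup_tunnels continue outside the hunk.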
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index 1c40e9b7a..6fb32e27d 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -262,3 +262,5 @@ New Features:
     have their source address changed. Otherwise, the unencrypted
     packets will not have their source addresses changed.
  
+8)  To improve interoperability, tunnels of type 'ipsec' no longer
+    enforce the use of source port 500 for ISAKMP.